Cannot use Okta through Postman or SDK

Hi,

I created an Okta account, generated an API Token on the dev site and tried to add a user or get a list of users.

With the .NET Okta.Sdk I get the error ‘Invalid Token Provided’ every time, but with Postman I got a little further obtaining a long HTML response (558 KB) that basically says “Page not found”.

Here’s a simple command tat I use for getting a list of users (I replaced the api token):

curl -v -X GET
-H “Accept: application/json”
-H “Content-Type: application/json”
-H “Authorization: SSWS …”
https://okta.com/api/v1/users

Please help me add users to Okta because we have existing customers who want to migrate to this solution and I already changed our software to use the Okta Authentication.

Thank you,
Paul

Hey Paul,

Make sure to correct your API matches this format: http://{{your-okta-tenant}}.okta.com/api/v1/users

1 Like

Hi brh55,

If I do that, then I get the error:

{
“errorCode”: “E0000011”,
“errorSummary”: “Invalid token provided”,
“errorLink”: “E0000011”,
“errorId”: “oaeEz6AJ1L7QB2S7Bv3JSqr8A”,
“errorCauses”:
}

I’ve read somewhere that I should ignore “{{your-okta-tenant}}”, so I did. At least this way I’m not getting a direct error, but the response is still incorrect.

Regards,
Paul

So that is the error you want as it means you are hitting the endpoint, just not providing a valid token.

Couple things:

  • Make sure you generate the token from the same okta tenant you are hitting the endpoint
  • The user who generated your token has sufficient permissions as tokens will inherit permissions from the creator
  • You are passing the token in Authorization header as SSWS API_TOKEN_HERE (looks right from your sample curl)
  • The token is not expired as tokens need to be used at least once every 30 days, otherwise they will expire
1 Like

I’m generating the API token on https://dev-48184511-admin.okta.com/admin/access/api/tokens
my user is Super Admin, the last token that I used was generated 2 days ago (although it seems strange that it has the same datetime in the Created and Expires fields).

I’m wondering what you mean by " * Make sure you generate the token from the same okta tenant you are hitting the endpoint". I have a single Okta trial account.

I noticed that if I specify in Postman in the Authorization tab Type=OAuth 2.0 and I paste the API token in the Access Token field, then I always get the result ‘1’ for any command. But the commands don’t seem to have any effect because I tried to create some users and then get a list of users - which also returns ‘1’.

Thank you,
Paul

Can you try this curl command and report back what you get as a response, being sure you place yourApiToken with the token you generated for your super admin:

curl --location --request GET ' https://dev-48184511.okta.com/api/v1/users?limit=25' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: SSWS yourApiToken' \

if you prefer Postman, I highly recommend getting our Postman Collection for the Users endpoint so you can be certain your API request is well-formed.

Hi Andrea,

If I run your query I get this response:

{
“errorCode”: “E0000011”,
“errorSummary”: “Invalid token provided”,
“errorLink”: “E0000011”,
“errorId”: “oae-LBvjqsPSFmSdlXnlhJLkw”,
“errorCauses”:
}

Same if I run various queries from your Postman Collection and I just replace the URL and API token.

So maybe I don’t generate the API tokens correctly… I do it on the okta.com website, I press Create Token, then I save the generated string and use it in my requests.

Thank you,
Paul

I notice you mentioned setting the Authorization type to Type=OAuth 2.0 within your Postman call. Please update this to Inherit auth from parent
image

And the headers are set like such:

That’s the default, so that’s what I usually used. Auth 2.0 was something that I tried maybe once.

I created a new Okta account and used an URL in the form ‘https://dev-xxxxxxxx.okta.com’ instead of using the company name in the URL, this way it worked.

Thanks for all your help!
Paul

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.